dptr1988 Posted April 20, 2008 Share Posted April 20, 2008 Seperate the code that is required for the login from the code that just used printing headers and footers. Put them in different include files Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 20, 2008 Author Share Posted April 20, 2008 huh? u kinda lost me, is that not waht i already have Quote Link to comment Share on other sites More sharing options...
dptr1988 Posted April 20, 2008 Share Posted April 20, 2008 Well if you have code that outputs HTML data and yet is still required to for the login process, then it is not seperated. Most large programs will keep all code that contains and prints HTML in serperate file and the rest of the code that does the 'thinking' in other files. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 20, 2008 Author Share Posted April 20, 2008 Ok, i don't have a clue about what you just said,lol, soz, shall i just add the session start to the top of everypage?? Quote Link to comment Share on other sites More sharing options...
dptr1988 Posted April 20, 2008 Share Posted April 20, 2008 Only 1 session_start() per browser request. You can make sure that you get that by, putting a session_start() ( or including the a file that has it ) into each page that can be accessed directly from the browser. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 20, 2008 Author Share Posted April 20, 2008 fixed, i just added session_start(); to the top of the login script, as all my other pages contain the session_start(); part in the header.php file Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 21, 2008 Author Share Posted April 21, 2008 Another problem, this code if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=$_SERVER[REQUEST_URI]'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } } how can i stop it reposting the data, as it does store the session, but when it takes you back to the page it reposts the data(which is blank) Quote Link to comment Share on other sites More sharing options...
dptr1988 Posted April 21, 2008 Share Posted April 21, 2008 Huh? How can a server-side script cause the browser to repost a form? Does it have anything to do with you useing a meta refresh rather then a 'Location:' header? I would really recommend using header('Location: URL'); rather then a meta refresh. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 21, 2008 Author Share Posted April 21, 2008 yer because it is resending the data. is there anyway to stop it doing this, as i don't think/no if i can add a header instead of the meta refresh Quote Link to comment Share on other sites More sharing options...
dptr1988 Posted April 21, 2008 Share Posted April 21, 2008 If you can send cookies, you can send a location header. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 21, 2008 Author Share Posted April 21, 2008 erm, well, using this code i get the error, not all fields field in, but the session is created for the admin so it has logged in, but resent so thats why the error is showing. to see for your self, http://deanwhitehouse.awardspace.co.uk/admin/admin_centre.php Username: Blade280891 Password: Natasha case sensitive. The error appears at the top left, and refresh to see the admin centre <?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; session_start(); // Only include the header and footers if you have to print errors function print_error($err_message) { require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; echo $err_message; exit; } $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); header("Location:".$_SERVER[REQUEST_URI]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } } else{ print_error( 'Login failed. Username and Password did not match database entries.'); } } else { print_error( "Form was not completed. Please go back and make sure that the form was fully completed."); } mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 21, 2008 Author Share Posted April 21, 2008 does anyone no?? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.